Privacy Policy
Last Updated: 15 Oct 2024
1. Introduction
This Privacy Policy outlines how Pomodoro CV ("we," "our," or "us") collects, uses, and protects your data when you use Pomodoro CV (the "Service"). By using the Service, you agree to the terms of this Privacy Policy.
2. Data Usage
2.1. Data Sent to OpenAI API
When you use our Service to generate CVs and cover letters, we may send certain data to the OpenAI API to assist in document generation. This data does not include personal information such as your name, email, home address, phone number, year of birth, or LinkedIn profile URL. The data sent to the OpenAI API may include information provided by you to create documents, but we do not store this data ourselves. Please consult the OpenAI Enterprise Privacy Policy for details on how they handle this data.
3. Future Data Collection
3.1. Possibility of Future Data Collection
While we currently do not store user data beyond what is necessary for the document generation process, we may begin to collect data in the future to enhance our services, provide better user experiences, or for other purposes. In such cases, we will update this Privacy Policy accordingly.
3.2. User Notification
Please note that if we decide to collect additional data in the future, we reserve the right to do so without prior notification to users who have previously used the tool. It is your responsibility to periodically review this Privacy Policy for any updates.
4. Security
We take reasonable measures to protect the data that we collect or process from unauthorized access or disclosure. However, please be aware that no method of data transmission or storage is entirely secure, and we cannot guarantee the security of your data.
5. Links to Third-Party Websites
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third-party websites or services. We encourage you to review the privacy policies of these websites or services when you navigate away from our platform.
6. GDPR Compliance
Data Controller and Data Processor
For the purposes of GDPR, we act as both the Data Controller and Data Processor of your personal data. This section outlines our practices regarding the collection, processing, and storage of your personal data, in compliance with the General Data Protection Regulation (GDPR).
Personal Data We Collect
When you use our AI-based CV, cover letter, and interview question generation tool, we temporarily store your personal data in our database to process your request. This includes the information necessary to create your documents. The data is periodically removed from our database to ensure your privacy. Additionally, the generated documents (CV, cover letter, and suggested interview questions) are sent to you via email. This process involves using a third-party email server provided by Gmail, where the emails may be stored in the sent folder.
In the event of an error during the use of our service, we may retain your email address in our inbox to assist you in resolving the issue. This allows us to reference your information later and provide the necessary support. Your email will be securely stored in our email inbox and will not be used for any other purposes.
Legal Basis for Processing
We process your personal data based on the legal basis of consent. By using our service and checking the consent box provided on our form, you consent to the processing of your personal data as described in this policy.
Data Retention and Deletion
Although we do not store your data on our servers, the emails containing your documents will be stored in the sent folder of our Gmail account. We do not have a set retention policy for these emails, and they may be deleted periodically, especially if we need to manage storage space or for other operational reasons. You have the right to request the deletion of your data at any time by contacting us through our contact page.
Data Access and User Rights
You have the right to access, rectify, or delete any personal data we hold about you. If you wish to exercise any of these rights, please contact us via our contact page. We will respond to your request in accordance with GDPR requirements.
Data Sharing and Transfers
We do not share your personal data with any third parties, except where necessary to process your requests or comply with legal obligations. The data you provide will only be accessible by authorized personnel within our organization and will be processed through the servers hosted by Gmail.
Security Measures
We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse.
Changes to This Policy
We may update this GDPR compliance section from time to time to reflect changes in our practices or in legal requirements. We encourage you to review this section periodically for the latest information on our privacy practices.
Contact Information
If you have any questions or concerns regarding our GDPR compliance or how your data is handled, please contact us via our contact page.
7. Payment Processing with Stripe
Use of Stripe as a Payment Gateway
We use Stripe as our third-party payment processor to handle payments made on our website. Stripe is a secure and reputable service provider that processes payment transactions on our behalf. When you make a purchase through our website, your payment information is securely transmitted to Stripe for processing. We do not store or have access to your full payment details, such as your credit card number. Stripe handles these details directly in accordance with its own privacy policy.
For more information on how Stripe handles your personal data, please review Stripe’s Privacy Policy.
Data We Collect and Process
In connection with your purchase, we may collect personal data such as your name, billing address, and email address. This information is necessary to process your payment and complete your transaction. We do not collect or store your full payment details, as these are managed by Stripe.
The personal data we collect is used to:
- Facilitate your transaction and deliver the products or services you purchase.
- Comply with legal obligations, such as fraud prevention and financial record-keeping.
- Communicate with you regarding your order, including sending confirmation emails and receipts.
Legal Basis for Processing
The legal basis for processing your payment data is the necessity for the performance of a contract (i.e., processing your purchase) and our compliance with legal obligations, such as fraud prevention and record-keeping.
Data Sharing and Transfers
We share your payment data with Stripe solely for the purpose of processing your payment. Stripe may also share your data with its affiliates and service providers as necessary to provide their services. We do not share your payment data with any other third parties, except as required by law.
For more information on Stripe's data sharing practices, please refer to Stripe’s Privacy Policy.
Data Security
The security of your payment information is handled securely by Stripe. We rely on Stripe's robust security measures to protect your data during payment processing.
Your Rights
You have the right to access, rectify, or delete any personal data we hold about you. If you wish to exercise any of these rights, please contact us via our contact page. We will respond to your request in accordance with applicable data protection laws.
Changes to This Policy
We may update this section of our Privacy Policy from time to time to reflect changes in our use of Stripe or to comply with legal requirements. We encourage you to review this section periodically for the latest information on how we handle your payment data.
If you have any questions or concerns about our use of Stripe as a payment gateway or how your payment data is handled, please contact us via our contact page.
9. Contact Information
If you have any questions or concerns about this Privacy Policy or your data, please contact Pomodoro CV at info@pomodorocv.com.
8. Analytics and Tracking Technologies
We use Google Analytics and Meta Pixel to understand how visitors interact with our website. These tools help us analyze user engagement, improve our services, and provide you with a better browsing experience.
Google Analytics collects information such as the pages you visit, the time you spend on those pages, how you arrived at our site, and what you click on. This data is anonymized and aggregated to help us identify trends and usage patterns without identifying individual users.
Meta Pixel allows us to measure the effectiveness of our advertising by understanding how you interact with our ads on Facebook and Instagram.
10. Changes to Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices or for other operational, legal, or regulatory reasons. We recommend that you review this Privacy Policy periodically to stay informed about how we collect, use, and protect your data.
By using the Service, you acknowledge that you have read, understood, and agreed to this Privacy Policy.